The biggest data breach ever in the UK
March 3, 2014 7:28 AM   Subscribe

Care data is an ambitious attempt to use data to improve the care of patients in the UK. It uses the scale of the NHS dataset to give epidemiologists and medically researchers access to large datasets to improve research. And now it's been thrown into disarray by the responsible body selling the information to insurance companies and even more ....

Now it seems that the Health and Social Care Information Centre sold information about 47 million hospital admissions (including personally identifiable information) to PA consulting who boasted they had the "entire start-to-finish HES dataset across all three areas of collection – inpatient, outpatient and A&E". This was then uploaded to Google servers (non UK based and not subject to our data protection laws).

But that's not all - Ben Goldacre has tweeted that the hospital records data was also available online to anyone
posted by Gilgongo (40 comments total) 13 users marked this as a favorite
 
CAN OPEN ... WORMS EVERYWHERE
posted by GallonOfAlan at 7:29 AM on March 3, 2014 [3 favorites]


Run the Government like a business they say...
posted by Pogo_Fuzzybutt at 7:30 AM on March 3, 2014 [14 favorites]


I assume that the various world governments will go after these entrepreneurs with the same zeal that they have spent on other high-profile leakers....
posted by GenjiandProust at 7:37 AM on March 3, 2014 [19 favorites]


Here. You can have these bullets if you promise not to shoot me.
posted by Benny Andajetz at 7:41 AM on March 3, 2014


Don't you mean IRresponsible body?
posted by symbioid at 7:44 AM on March 3, 2014


Why do I want to see Malcolm Tucker cussing up a storm over this.
posted by symbioid at 7:47 AM on March 3, 2014 [5 favorites]


This was then uploaded to Google servers (non UK based and not subject to our data protection laws).

You can't magically evade data protection laws by hosting your data on offshore servers. If a UK entity is deemed to be in control of the data then they are still under the jurisdiction of the Data Protection Act. 'Exporting' data outside the European Economic Area is also subject to limitations.
posted by MuffinMan at 7:49 AM on March 3, 2014 [2 favorites]


This is how social engineering takes place. A businessman calls up the CEO and says, "Hey, can I have all of your patients' private information? I'll pay."
Damn those evil hackers.
posted by dances_with_sneetches at 7:55 AM on March 3, 2014 [3 favorites]


As soon as I heard of care.data I asked my GP for an opt-out. As much good as sharing medical data can do, I fundamentally mistrust this government (or even the last one) not to favour private medical companies over the NHS. They can keep on selling the NHS with impunity but my medical history is not a commodity.
posted by Thing at 8:04 AM on March 3, 2014 [1 favorite]


From the Independent article:
"The £2,220 purchase in 2012 was made by the Institute and Faculty of Actuaries..."

47 million records for about USD 5k.

I'm speechless.
posted by Dreidl at 8:05 AM on March 3, 2014 [6 favorites]


One of PA Consulting's directors is Esther Dyson, who Wikipedia describes as being focussed on "government transparency"! The chairman of the company is Marcus Agius, who presided as chairman over Barclay's Bank LIBOR scandal. Another director, Michael Queen, was on the board of Northern Rock!
posted by Thing at 8:12 AM on March 3, 2014


The society of actuaries which obtained the information used it to provide guidance to insurance companies about how to set their prices for critical illness cover, suggesting higher premiums could be justified for most customers below the age of 50.

Isn't that nice. I wonder what "could be justified" means exactly, other than "we need some window-dressing on the gouging-people part and $5000 is pretty cheap".
posted by Frowner at 8:29 AM on March 3, 2014


From the Independent article:
"The £2,220 purchase in 2012 was made by the Institute and Faculty of Actuaries..."

47 million records for about USD 5k.

I'm speechless.


Cheaper by the dozen, cheapest in lots of millions.

I wonder if there is some sort of disconnect for people dealing with that much information about other people. At some point, I can imagine that it just becomes unconnected data. "So you want a ton of our data. What's it worth to me? Um, how about £2,500? Too high? Sure, £2,220 sounds good to me."
posted by filthy light thief at 8:37 AM on March 3, 2014


I used to work for a IT company in the medical field. A senior executive came in to talk to us in regards to HIPPA, he said that "no medial software company has ever had a HIPPA case filed against them". I can't tell you how many possible HIPPA violations I saw personally, none with malice or wrong doing, but more carelessness. Trying to make bits not copyable is like trying to make water not wet.

Making data private isn't something the law can not enforce. These kinds of stories happen much more often than they are reported. If your data is out there, you can not assume it is safe.
posted by jonclegg at 8:38 AM on March 3, 2014


Oh that's just fucking lovely.

I used to work for a small NHS project that focused on data quality at GP offices.

Which completely makes sense, because if you're allergic to penicillin or you've had a kidney transplant, you want the right goddamn information in your file, and a lot of GP offices just...don't. Sometimes because the doctor forgets to put something in, sometimes because you've moved and they've faxed your records from one GP to another, and that smudge on the fax machine was misinterpreted by the temp they have entering in records, sometimes because their fingers slipped and typed in SC56488620 instead of SC54688620.

And while we educated GPs and staff on how to use their systems properly, we also checked their data - thoroughly anonymised and designed so that we only got codes for certain diseases and locations. So, for example, if one GP's office reported a massive increase in Type 2 Diabetes from one month to the other, we could check back with them to see if someone was just typing in the wrong code or if it really was an increase. And then go back and train them properly, if we needed to.

So every time someone fucks around with health data like this, I get incredibly annoyed, because, with proper precautions in place, having this data is lovely. It means that you can be sure that your medical history is correct and that you're not just helping yourself by having a correct medical record, you're helping everyone around you - not just in your town, but in the entire country.

But instead, they sell it to fucking consulting companies, who are only interested in seeing how heavy a profit margin they can put on your life. And then all the data quality reviews, all the major trends in health, all of the good that the data could serve - it's just lost, and we're left with a mess.

Stop fucking around with our data. I want the right people to have the right access to my data, and every time people fuck up, I get angrier.
posted by Katemonkey at 8:39 AM on March 3, 2014 [34 favorites]


I half suspect that all these things (announcing that the police will have warrantless access to all patient data, selling data to insurance companies with a half-arsed pseudonymisation scheme and toothless regulations, and generally slipshod handling of sensitive patient data) are not so much accidental as, if not deliberate, then emerging from a deliberate policy. The objective being to transform the NHS from a cherished bulwark of 1948-vintage socialism to an oppressive tool used to unsympathetically harvest the public for corporate profits, driving home the message that socialism is oppressive, and you're better off with a free-market system where you pay upfront and are treated like a customer, rather than a milk cow.

(Of course, the flip side of this is that, if you can't pay, and don't have US-style employer-provided health insurance, then you're probably surplus to requirements, and your death will be a net surplus economically.)
posted by acb at 8:45 AM on March 3, 2014 [6 favorites]


Care.data is in principle a brilliant idea to enable powerful population-scale medical research and, over time, significantly improve patient outcomes.

My only problem is that it will inevitably be built and managed by a bunch of fuckwits who have demonstrated time and time again that they cannot be trusted with data of this kind. It's not even malevolence, for the most part, just sloppiness and lack of forethought.

I'd probably be for it if the data was going to be restricted to a dedicated team within the NHS, or even shared with well-defined institutions policed by very smart auditors who carry big sticks. But semi-anonymised (i.e.: not anonymised) data passed to anyone who asks, with no auditing of their data security policies or actual usage? No thanks. That's trusting too many sets of rules, and too many overworked or poorly educated people on the front line.

I've never actually seen a patient data breach in the wild, but I've seen some alarmingly stupid behaviour from people who should know better: NHS computers left logged on and unattended in shared offices, people offering to move patient data over dropbox, etc. As I said, nothing I've seen actually resulted in data ending up where it shouldn't: I or a fellow student promptly logged out of whatever account we saw left open; people offering to use dropbox got told off before actually moving the files. But it has left me deeply suspicious of offering sensitive data to large numbers of people who went on a one-afternoon data handling course, and see those rules as incidental or an impediment to their real job of playing with the data.

It's tragic, because this data really could do wonderful things for the NHS and its patients. Heck, it would make aspects of my current project in work dramatically easier and more reliable (NB: IANADoctor). But in its current form, the plan sounds like a long series of fuckups waiting to happen.
posted by metaBugs at 8:47 AM on March 3, 2014 [1 favorite]


So this is a terrible breach of privacy. However...

It'd be fantastic if there were a way to anonymize this data. And then publish it, for free, for absolutely anyone to work with. Particularly data journalists. A big part of Obamacare is forcing the medical services companies to provide data on treatment costs and outcomes. Hopefully in about 10 years it will let us build up some data in the US on what sorts of medical care are actually effective in practice. And what hospitals have histories of overcharging, bad patient outcomes, etc.

Then again the US is way behind when it comes to medical data collection and analysis. Do any European countries make national healthcare data available for analysis? Again I mean in some suitably privacy-preserving way, not some jackass at NHS selling a bunch of ungroomed files to insurers.
posted by Nelson at 8:49 AM on March 3, 2014 [1 favorite]


Do any European countries make national healthcare data available for analysis?

Access to patient data is not new. IMS Health has been supplying anonymized patient data to pharma companies for years.
Electronic Medical Record (EMR) Vendors
In the U.S. and major European countries, EMR vendors and physician users send us information on patient treatments and clinical measures recorded in the course of patient care. Our database includes input from 85,000 physicians and records on 33 million unique, de-identified patients. This information contributes to our overall understanding of how medicine is practice
posted by MuffinMan at 8:54 AM on March 3, 2014


"Denmark is a notable exception. The country is known as a global leader in health records. This relies on two things, says J Michael Hasenkam, chairman of the Danish Medical Associations, an umbrella organisation for all 170 medical-scientific societies in the country. One is its very strong records, held in a range of databases of different scopes, and the other is “the fact that every single individual can be traced by a centralised electronic ID and a national recording system which registers every contact with the healthcare system, down to every prescription.” It is the latter, rather than am overarching, top-down piece of software that lets the Danish system work."
posted by GallonOfAlan at 8:54 AM on March 3, 2014 [3 favorites]


I am not happy these NHS records were sold to anyone.
posted by Mister Bijou at 8:57 AM on March 3, 2014 [2 favorites]


The data set was so large it took up 27 DVDs and took a couple of weeks to upload

Of course, that's the Big Data way! Instead of going to Best Buy and buying a $100 3TB hard drive and running a few Python scripts, which is ridiculous...
posted by RobotVoodooPower at 9:01 AM on March 3, 2014


They didn't actually sell the data. They charged a tiny fee for it's compilation. They gave the data away for free.

Which is amazing because the UK government is/was really tight-arsed about other publically funded government data charging massive competition stifling fees for use (like maps).
posted by srboisvert at 9:02 AM on March 3, 2014 [1 favorite]


Careful pattern-searching and data sifting will reveal that this is my unsurprised face. This government is just a string of inept fire-sales in one form or another.

Co-inki-dinkily, http://www.hscic.gov.uk seems to have been taken down.
posted by forgetful snow at 9:06 AM on March 3, 2014 [1 favorite]


My only problem is that it will inevitably be built and managed by a bunch of fuckwits who have demonstrated time and time again that they cannot be trusted with data of this kind. It's not even malevolence, for the most part, just sloppiness and lack of forethought.

That last sentence was how I knew you were British, and not American. In America the data would be sold by someone with a religious devotion to unfettered business, aka "evil".
posted by benito.strauss at 9:22 AM on March 3, 2014


Which is amazing because the UK government is/was really tight-arsed about other publically funded government data charging massive competition stifling fees for use (like maps).

God yes. Try to buy a simple historical survey map of the UK? Prepare to be gouged like never before.
posted by winna at 9:49 AM on March 3, 2014


I feel like such an awful, evil person for even thinking this, but Ivan Cameron could easily be recognized in this data using publicly available information. It should bring home to the government just how gross this breach of privacy is.
posted by Thing at 9:50 AM on March 3, 2014 [1 favorite]


What a cluster fuck.
posted by homunculus at 10:02 AM on March 3, 2014


Jesus. And there is nothing we can do about any of this. Nothing. Any of it.

*Goes back to synthesizer thread*
posted by marienbad at 10:31 AM on March 3, 2014


Correct me if I am wrong, but isn't part of the US's ACA all about patient data portability? So that if you live in Idaho, but get swallowed by a whale off the coast of Massachusetts, and later spit out in Narragansett bay the local Dr. would be able to access your records? Couldn't that collection of data be sold or swapped in a similar fashion to the OP?
posted by Gungho at 10:33 AM on March 3, 2014


Another good link for this is medConfidential an independent, non-partisan public campaign fighting for confidentiality and consent in health and social care.

It was founded in January 2013 by several existing organisations – Privacy International, Big Brother Watch, NO2ID, FIPR, TheBigOptOut, Terri Dowty (former Director of ARCH) and Phil Booth (former National Coordinator of NO2ID) – in direct response to the imminent and serious threat posed by radical changes in the way NHS England collects and passes on patient health information from NHS health record systems in England.
posted by Lanark at 10:42 AM on March 3, 2014


Correct me if I am wrong, but isn't part of the US's ACA all about patient data portability? So that if you live in Idaho, but get swallowed by a whale off the coast of Massachusetts, and later spit out in Narragansett bay the local Dr. would be able to access your records? Couldn't that collection of data be sold or swapped in a similar fashion to the OP?

This has nothing to do with portability of medical records. It's about a wilful attempt by those in control of the NHS to release data to third parties. The problem is that while data sharing can be useful, the date in neither fully anonymized nor (seemingly) are there limits on who can get the data.
posted by Thing at 10:49 AM on March 3, 2014 [3 favorites]


In addition to the problem of the data not being sufficiently anonymized, there were not proper oversight mechanisms in place. I suspect that there may be too much overlap between the responsible people in HSCIC/NHS and the insurance industry. Independent oversight, including representative from patients' rights groups, is necessary.
posted by neutralmojo at 11:32 AM on March 3, 2014


I'm confused a bit about what data is what, but Ben Goldacre is now reporting that the data HSCIC released in at least one context was not real.
posted by edd at 11:59 AM on March 3, 2014 [1 favorite]


working on a few quality improvement projects I've used HES data sets on three occasions and been profoundly unimpressed.

e.g. I asked to see the data on all spinal decompressions performed in a region over a 12 month period.
Of the 60+ names shown as performing the op, only 21 were actually surgeons qualified to perform it. There was even an endocrinologist and a psychiatrist in the mix somehow. It reminded me of an hysterical Daily Mail headline.....
posted by Wilder at 12:40 PM on March 3, 2014


The HES data set contains vast amounts of information about all A&E attendance and in patient treatment.

This specification gives an idea of why people are getting upset.

"Hospital Episode Statistics (HES) contains around 1 billion records on patients attending Accident and Emergency units, being admitted for treatment or attending outpatient clinics at NHS hospitals in England.

The Mental Health Minimum Data Set (MHMDS) contains data on patient spells of care in NHS-funded adult specialist mental health services, combined with a range of patient-level demographic detail.

The HES-MHMDS linkage enables patients' mental health data going back to 2006/07 to be matched to their recorded interactions with acute secondary care services."


And the poor quality of some of the information only makes it worse.
posted by Gilgongo at 1:36 PM on March 3, 2014 [1 favorite]


care.data and HSCIC is a disaster.
Setup to fail (not enough money), and with not enough safeguards.
It's all a product of arrogance and zealotry.
Oh, and with no mandate.
posted by rolandroland at 3:19 PM on March 3, 2014


Wow. That happened a lot faster than I thought it would.
posted by runcibleshaw at 11:38 PM on March 3, 2014


Two grand?
Wow, ROI much?
posted by fullerine at 1:42 AM on March 4, 2014


I was just arguing about Caredata on FB on a British friend's page. Some jackass friend of his was touting the concept as a Very Good Thing. When I challenged his position, he showed himself to be a very stuffed shirt and such a total squirrel he decided he had to block me. (I didn't know I could be blocked from seeing a persons posts in an existing thread I'm already participating in). My friend was posting to his friends to opt-out before the deadline, and this bozo was telling everyone "Don't Worry!"

I feel so deliciously vindicated.
posted by Goofyy at 12:05 AM on March 6, 2014


« Older But you should see the size of the ones that got...   |   A simple, concise and informative primer: Newer »


This thread has been archived and is closed to new comments